--- /dev/null
+From 90515e7f5d7d24cbb2a4038a3f1b5cfa2921aa17 Mon Sep 17 00:00:00 2001
+From: Wang Shilong <wangsl.fnst@cn.fujitsu.com>
+Date: Tue, 7 Jan 2014 17:26:58 +0800
+Subject: Btrfs: handle EAGAIN case properly in btrfs_drop_snapshot()
+
+From: Wang Shilong <wangsl.fnst@cn.fujitsu.com>
+
+commit 90515e7f5d7d24cbb2a4038a3f1b5cfa2921aa17 upstream.
+
+We may return early in btrfs_drop_snapshot(), we shouldn't
+call btrfs_std_err() for this case, fix it.
+
+Signed-off-by: Wang Shilong <wangsl.fnst@cn.fujitsu.com>
+Signed-off-by: Josef Bacik <jbacik@fb.com>
+Signed-off-by: Chris Mason <clm@fb.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/btrfs/extent-tree.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/btrfs/extent-tree.c
++++ b/fs/btrfs/extent-tree.c
+@@ -7779,7 +7779,7 @@ out:
+ */
+ if (!for_reloc && root_dropped == false)
+ btrfs_add_dead_root(root);
+- if (err)
++ if (err && err != -EAGAIN)
+ btrfs_std_error(root->fs_info, err);
+ return err;
+ }
--- /dev/null
+From d024206133ce21936b3d5780359afc00247655b7 Mon Sep 17 00:00:00 2001
+From: David Sterba <dsterba@suse.cz>
+Date: Wed, 15 Jan 2014 18:15:52 +0100
+Subject: btrfs: restrict snapshotting to own subvolumes
+
+From: David Sterba <dsterba@suse.cz>
+
+commit d024206133ce21936b3d5780359afc00247655b7 upstream.
+
+Currently, any user can snapshot any subvolume if the path is accessible and
+thus indirectly create and keep files he does not own under his direcotries.
+This is not possible with traditional directories.
+
+In security context, a user can snapshot root filesystem and pin any
+potentially buggy binaries, even if the updates are applied.
+
+All the snapshots are visible to the administrator, so it's possible to
+verify if there are suspicious snapshots.
+
+Another more practical problem is that any user can pin the space used
+by eg. root and cause ENOSPC.
+
+Original report:
+https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/484786
+
+Signed-off-by: David Sterba <dsterba@suse.cz>
+Signed-off-by: Josef Bacik <jbacik@fb.com>
+Signed-off-by: Chris Mason <clm@fb.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/btrfs/ioctl.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/fs/btrfs/ioctl.c
++++ b/fs/btrfs/ioctl.c
+@@ -1545,6 +1545,12 @@ static noinline int btrfs_ioctl_snap_cre
+ printk(KERN_INFO "btrfs: Snapshot src from "
+ "another FS\n");
+ ret = -EINVAL;
++ } else if (!inode_owner_or_capable(src_inode)) {
++ /*
++ * Subvolume creation is not restricted, but snapshots
++ * are limited to own subvolumes only
++ */
++ ret = -EPERM;
+ } else {
+ ret = btrfs_mksubvol(&file->f_path, name, namelen,
+ BTRFS_I(src_inode)->root,
--- /dev/null
+From 90d3e592e99b8e374ead2b45148abf506493a959 Mon Sep 17 00:00:00 2001
+From: Chris Mason <clm@fb.com>
+Date: Thu, 9 Jan 2014 17:28:00 -0800
+Subject: Btrfs: setup inode location during btrfs_init_inode_locked
+
+From: Chris Mason <clm@fb.com>
+
+commit 90d3e592e99b8e374ead2b45148abf506493a959 upstream.
+
+We have a race during inode init because the BTRFS_I(inode)->location is setup
+after the inode hash table lock is dropped. btrfs_find_actor uses the location
+field, so our search might not find an existing inode in the hash table if we
+race with the inode init code.
+
+This commit changes things to setup the location field sooner. Also the find actor now
+uses only the location objectid to match inodes. For inode hashing, we just
+need a unique and stable test, it doesn't have to reflect the inode numbers we
+show to userland.
+
+Signed-off-by: Chris Mason <clm@fb.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/btrfs/inode.c | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+--- a/fs/btrfs/inode.c
++++ b/fs/btrfs/inode.c
+@@ -60,7 +60,7 @@
+ #include "hash.h"
+
+ struct btrfs_iget_args {
+- u64 ino;
++ struct btrfs_key *location;
+ struct btrfs_root *root;
+ };
+
+@@ -4818,7 +4818,9 @@ again:
+ static int btrfs_init_locked_inode(struct inode *inode, void *p)
+ {
+ struct btrfs_iget_args *args = p;
+- inode->i_ino = args->ino;
++ inode->i_ino = args->location->objectid;
++ memcpy(&BTRFS_I(inode)->location, args->location,
++ sizeof(*args->location));
+ BTRFS_I(inode)->root = args->root;
+ return 0;
+ }
+@@ -4826,19 +4828,19 @@ static int btrfs_init_locked_inode(struc
+ static int btrfs_find_actor(struct inode *inode, void *opaque)
+ {
+ struct btrfs_iget_args *args = opaque;
+- return args->ino == btrfs_ino(inode) &&
++ return args->location->objectid == BTRFS_I(inode)->location.objectid &&
+ args->root == BTRFS_I(inode)->root;
+ }
+
+ static struct inode *btrfs_iget_locked(struct super_block *s,
+- u64 objectid,
++ struct btrfs_key *location,
+ struct btrfs_root *root)
+ {
+ struct inode *inode;
+ struct btrfs_iget_args args;
+- unsigned long hashval = btrfs_inode_hash(objectid, root);
++ unsigned long hashval = btrfs_inode_hash(location->objectid, root);
+
+- args.ino = objectid;
++ args.location = location;
+ args.root = root;
+
+ inode = iget5_locked(s, hashval, btrfs_find_actor,
+@@ -4855,13 +4857,11 @@ struct inode *btrfs_iget(struct super_bl
+ {
+ struct inode *inode;
+
+- inode = btrfs_iget_locked(s, location->objectid, root);
++ inode = btrfs_iget_locked(s, location, root);
+ if (!inode)
+ return ERR_PTR(-ENOMEM);
+
+ if (inode->i_state & I_NEW) {
+- BTRFS_I(inode)->root = root;
+- memcpy(&BTRFS_I(inode)->location, location, sizeof(*location));
+ btrfs_read_locked_inode(inode);
+ if (!is_bad_inode(inode)) {
+ inode_tree_add(inode);
virtio-scsi-fix-hotcpu_notifier-use-after-free-with-virtscsi_freeze.patch
iscsi-target-pre-allocate-more-tags-to-avoid-ack-starvation.patch
target-iscsi-fix-network-portal-creation-race.patch
+btrfs-handle-eagain-case-properly-in-btrfs_drop_snapshot.patch
+btrfs-setup-inode-location-during-btrfs_init_inode_locked.patch
+btrfs-restrict-snapshotting-to-own-subvolumes.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
